1. Field of the Invention
The present invention relates to cryptographic keys. More specifically, the present invention relates to a method and an apparatus for establishing a cryptographic key using an identity based symmetric keying technique.
2. Related Art
Users of modem networked computing and communication systems routinely use cryptographic techniques when communicating with other systems to prevent disclosure of the contents of the communications and to authenticate the source of the communications. In general, these cryptographic techniques and algorithms are well known and are easily implemented. One of the hardest problems in using these cryptographic techniques is to establish a shared key to encrypt communications between nodes.
Conventional cryptographic mechanisms for key establishment either lack the required flexibility or are too expensive to use in wireless, resource-limited ad-hoc networks. Expensive, in this context, means that these key establishment mechanism require excessive electrical energy, excessive time, excessive computing power, excessive bandwidth, or a combination of these along with other factors. Many ad-hoc networks facilitate wireless communications among participating fixed and mobile units without relying on existing infrastructure, such as the towers and landlines that make up the current cellular telephone systems or on satellites and ground stations.
Existing key establishment techniques rely either on public key cryptography or on symmetric key cryptography combined with special trusted devices called key distribution centers (KDCs) or key translation centers (KTCs). The problem with public key based techniques is that they are expensive; requiring excessive energy, time, and computing power. The problem with symmetric key based techniques is that, while they are relatively efficient, they lack flexibility. For example, key distribution schemes such as Kerberos (Miller, Neuman, Schiller & Saltzer, “Kerberos Authentication and Authorization System”, Project Athena Technical Plan, 1987) and Otway-Rees (Otway and Rees, “Efficient and Timely Mutual Authentication”, Operating Systems Review, 21 (1987) 8–10) protocols require that their databases be updated whenever an unfamiliar unit participates in a key establishment session with any KDC. These databases contain the keys that the KDC shares with other nodes. This inflexibility can be addressed by updating the database of the KDC; however, since the KDC can itself be a wireless node, and perhaps a mobile node, this update is expensive both in terms of energy and bandwidth.
What is needed is a method and an apparatus that provides for establishing shared cryptographic keys between participating nodes without the difficulties listed above.